Skip to content
Vixar.
Try free
Legal

Last updated ·

Who we are

Vixar (“Vixar”, “we”, “us”) operates the Service and is the data controller for the personal data described here. We are based in Riyadh, Saudi Arabia. This Privacy Policy covers our products — currently VixarScribe, a meeting transcription and summarization app available on the web at scribe.vixar.app and as an Android app.

For any privacy question, or to exercise your rights, email privacy@vixar.app or use the in-app feedback button. As the controller, we are responsible for your data under the Saudi Personal Data Protection Law (PDPL) and, where applicable, the EU/UK GDPR, the California Consumer Privacy Act (CCPA/CPRA), and other data-protection laws.

Recording and consent — your responsibility

VixarScribe records and transcribes conversations. Laws on recording people vary by country and region, and many require the consent of everyone being recorded. You are responsible for obtaining any consent the law requires before you record or upload a meeting. We provide the tool; we do not collect consent from the other participants on your behalf, and we cannot know whether you have it. Please tell participants when a meeting is being recorded. See our Terms of Service for more.

What we collect

We collect only what we need to run the Service.

Account data

When you sign in with Google, we receive your email address, display name, profile picture, and Google account ID. We never receive your Google password. We use this to create and secure your account and to attribute your meetings and billing to you.

Meeting data

When you record or upload a meeting, we store:

  • the audio you record or upload;
  • the live and final transcripts;
  • AI-generated outputs — summary, agenda, decisions, and action items, including any alternate versions you generate;
  • meeting metadata — title, start and end time, duration, detected language, and number of speakers;
  • optional speaker name labels you assign.

Meeting content is the most sensitive data we hold, and we treat it that way — see How your audio is processed and Who we share data with below.

Technical and usage data

To run the Service securely we log standard technical data: IP address, browser/device user agent, request paths, and timestamps, plus error diagnostics. We use this for security, abuse prevention, debugging, and capacity planning — not to build advertising profiles.

Billing data

If you subscribe to a paid plan, payment is handled by PayPal (on the web) or Google Play Billing (in the Android app). We never receive your full card or bank details. We store the subscription identifier, plan tier, and status the provider returns to us, so we can grant the right plan and handle renewals and cancellations.

Feedback

If you send feedback — a rating, a comment, or a bug report — we store it along with optional technical context (such as app version and operating system) so we can act on it.

How your audio is processed

This is the part people care most about, so we want to be specific:

  • Transcription and speaker separation run on our own infrastructure. The speech-to-text and speaker-diarization models run on GPU servers we operate — your audio is not sent to a third-party transcription service.
  • Summaries are generated by DeepSeek. To produce the summary, agenda, decisions, and action items, the meeting transcript text (not the audio) is sent to the DeepSeek API. We send only the text needed to generate the outputs. DeepSeek’s handling of that text is governed by the DeepSeek Privacy Policy; we do not control their model-training practices, so if this matters to you, please review their policy.
  • We do not use your meeting content to train AI models, and we do not grant anyone else the right to do so for our own purposes.

We use your data to:

  • Provide the Service — capture audio, produce transcripts and summaries, and deliver them to your account. (Legal basis: performance of our contract with you.)
  • Bill paid plans — only if you subscribe. (Legal basis: contract; and legal obligation for tax and accounting records.)
  • Keep the Service secure and working — authentication, abuse prevention, debugging, monitoring, and capacity planning. (Legal basis: our legitimate interests in a secure, reliable service.)
  • Communicate with you — transactional emails such as “your meeting is ready,” and replies to your requests. (Legal basis: contract and legitimate interests.)
  • Comply with the law — respond to lawful requests and meet legal obligations. (Legal basis: legal obligation.)

We do not sell your personal data, we do not show ads, and we do not share your meeting content for anyone else’s marketing.

Who we share data with

We share data only with the service providers (sub-processors) we need to operate, each handling data on our behalf under contract:

  • Google — sign-in (we receive your profile; Google does not receive your meetings) and, on Android, Google Play Billing for subscriptions.
  • PayPal — subscription billing on the web.
  • DeepSeek — meeting-summary generation from transcript text, as described above.
  • Email delivery — a transactional email provider sends Service emails (for example, meeting-ready notifications).
  • Error monitoring — an error-tracking service (Sentry) captures crash and error diagnostics; it is configured to minimize personal data and does not receive your meeting content.
  • Hosting and network — server hosting and a content-delivery/edge network (Cloudflare) move traffic to and from the Service.

We may also disclose data if required by law, to enforce our Terms, or to protect the rights, safety, and security of our users or the Service.

Where your data is processed

We operate the Service primarily from our own servers and rely on the sub-processors above, some of which operate in other countries. This means your data — including transcript text sent for summarization — may be processed outside your country of residence. Where we transfer personal data internationally, we rely on appropriate safeguards and on each provider’s own transfer mechanisms. By using the Service, you understand that your data is processed in these locations.

How long we keep it

  • Audio recordings are kept for your plan’s retention window and then permanently deleted:
    • Free — 7 days
    • Basic — 30 days
    • Pro — 90 days
    • Max — 365 days
  • Transcripts and AI outputs (text only, no audio) are kept so you can revisit your meeting history, until you delete the meeting or your account.
  • Account data is kept until you delete your account.
  • Billing and transaction records may be kept for the minimum period required by tax, accounting, and legal obligations. These contain no meeting content.
  • Logs and any backups roll off on their own schedules. Content you delete is removed from active systems immediately and purged from any backups within a limited period after deletion.

You can delete any single meeting from its detail page at any time, and you can delete your whole account at any time (see below).

Your rights and choices

Wherever you live, you can:

  • Access your meetings, transcripts, and outputs from your account.
  • Export your data. Download any meeting as plain text or Markdown, or download a complete copy of your account data as a JSON file from Settings → Export account data (web and Android).
  • Correct your profile — edit your display name and time zone in Settings.
  • Delete any individual meeting, or delete your entire account, which performs an immediate hard delete of your data. See Delete your account for the steps and exactly what is removed.

Depending on where you live, you may also have the right to object to or restrict certain processing, to withdraw consent, and to lodge a complaint with your data-protection authority:

  • EEA / UK (GDPR): rights of access, rectification, erasure, portability, restriction, and objection, and the right to complain to your local supervisory authority.
  • California (CCPA/CPRA): the right to know, delete, and correct, and to opt out of the “sale” or “sharing” of personal information — we do not sell or share your personal information as those terms are defined.
  • Saudi Arabia (PDPL): the rights granted under the Personal Data Protection Law, including access, correction, and deletion.

To exercise any right, use the in-app controls or email privacy@vixar.app from your account email. We verify requests against your account email and action verified email requests within 30 days.

Security

We take reasonable measures to protect your data:

  • All traffic is encrypted in transit (HTTPS/TLS).
  • We use Google Sign-In, so we never store your password; on mobile, your session tokens are kept in the device’s secure keystore.
  • Access to production systems and recordings is restricted to operators who need it to run the Service and respond to incidents.
  • We apply access controls to our databases and any backups.

No online service can be perfectly secure. If a security incident affects your personal data, we will notify you — and, where required, the relevant authorities — in a timely manner.

Automated processing

VixarScribe uses AI to generate transcripts and summaries from your meetings at your request. We do not use it to make automated decisions that produce legal or similarly significant effects about you, and we do not profile you for such decisions.

Children

VixarScribe is intended for adults in a workplace or professional setting. It is not directed to children, and we do not knowingly collect personal data from anyone under 13 (or under 16 in the EEA). If you believe a child has provided us data, contact us and we will delete it.

Cookies and tracking

  • The marketing site (vixar.app) uses minimal first-party cookies (for example, to remember your theme choice). We do not run third-party advertising or analytics trackers on it.
  • The app (scribe.vixar.app) uses a session cookie to keep you signed in; the Android app uses secure on-device token storage instead of cookies.
  • We do not track you across other websites, and we do not sell tracking data.

Changes to this policy

When we make material changes, we will update the “Last updated” date above and notify active users by in-app message or email. Continued use of the Service after a change takes effect means you accept the updated policy.

Contact. Vixar — privacy@vixar.app, or use the in-app feedback button. For account deletion specifically, see Delete your account.